# Register-CommonEnforce.ps1 - Stage Common-Enforce.ps1 + Install-FromManifest
# and register the 'GE Common Apps Enforce' logon task. Cross-PC-type: called
# from Run-ShopfloorSetup.ps1 for every shopfloor image.
#
# Replaces the former Acrobat-only enforcer with a single task that handles
# all common apps (Acrobat, Defect Tracker, future additions) from one
# manifest on the SFLD share.

$ErrorActionPreference = 'Continue'

$installRoot    = 'C:\Program Files\GE\CommonApps'
$runtimeLib     = Join-Path $installRoot 'lib\Install-FromManifest.ps1'
$runtimeEnforce = Join-Path $installRoot 'Common-Enforce.ps1'
$logDir         = 'C:\Logs\CommonApps'
$setupLog       = Join-Path $logDir 'setup.log'

$sourceLib     = Join-Path $PSScriptRoot 'lib\Install-FromManifest.ps1'
$sourceEnforce = Join-Path $PSScriptRoot 'Common-Enforce.ps1'

if (-not (Test-Path $logDir))       { New-Item -Path $logDir -ItemType Directory -Force | Out-Null }
if (-not (Test-Path $installRoot))  { New-Item -Path $installRoot -ItemType Directory -Force | Out-Null }
if (-not (Test-Path (Join-Path $installRoot 'lib'))) {
    New-Item -Path (Join-Path $installRoot 'lib') -ItemType Directory -Force | Out-Null
}

function Write-SetupLog {
    param([string]$Message, [string]$Level = 'INFO')
    $line = "[{0}] [{1}] {2}" -f (Get-Date -Format 'yyyy-MM-dd HH:mm:ss'), $Level, $Message
    Write-Host $line
    Add-Content -Path $setupLog -Value $line -ErrorAction SilentlyContinue
}

Write-SetupLog "=== Register-CommonEnforce start ==="

foreach ($pair in @(
    @{ Src = $sourceLib;     Dst = $runtimeLib },
    @{ Src = $sourceEnforce; Dst = $runtimeEnforce }
)) {
    if (-not (Test-Path $pair.Src)) {
        Write-SetupLog "Source not found: $($pair.Src) - cannot stage" "ERROR"
        continue
    }
    Copy-Item -Path $pair.Src -Destination $pair.Dst -Force
    Write-SetupLog "Staged $($pair.Src) -> $($pair.Dst)"
}

# Clean up old Acrobat-only enforcer if present (from prior images).
foreach ($oldTask in @('GE Acrobat Enforce')) {
    $old = Get-ScheduledTask -TaskName $oldTask -ErrorAction SilentlyContinue
    if ($old) {
        Write-SetupLog "Removing legacy task '$oldTask'"
        Unregister-ScheduledTask -TaskName $oldTask -Confirm:$false -ErrorAction SilentlyContinue
    }
}

$taskName = 'GE Common Apps Enforce'
$existing = Get-ScheduledTask -TaskName $taskName -ErrorAction SilentlyContinue
if ($existing) {
    Write-SetupLog "Removing existing scheduled task '$taskName'"
    Unregister-ScheduledTask -TaskName $taskName -Confirm:$false -ErrorAction SilentlyContinue
}

Write-SetupLog "Registering scheduled task '$taskName' (logon trigger, SYSTEM)"
try {
    $action    = New-ScheduledTaskAction `
        -Execute 'powershell.exe' `
        -Argument "-NoProfile -ExecutionPolicy Bypass -File `"$runtimeEnforce`""

    $trigger   = New-ScheduledTaskTrigger -AtLogOn
    $principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' -LogonType ServiceAccount -RunLevel Highest
    $settings  = New-ScheduledTaskSettingsSet `
        -AllowStartIfOnBatteries `
        -DontStopIfGoingOnBatteries `
        -StartWhenAvailable `
        -ExecutionTimeLimit (New-TimeSpan -Minutes 30) `
        -MultipleInstances IgnoreNew

    Register-ScheduledTask `
        -TaskName $taskName `
        -Action $action `
        -Trigger $trigger `
        -Principal $principal `
        -Settings $settings `
        -Description 'GE Common Apps: enforce Acrobat, Defect Tracker, and other cross-type apps against tsgwp00525 SFLD share on user logon' | Out-Null

    Write-SetupLog "Scheduled task registered"
} catch {
    Write-SetupLog "Failed to register scheduled task: $_" "ERROR"
}

Write-SetupLog "=== Register-CommonEnforce end ==="